Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-38164

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.

Published

2021-09-14T12:15:10.963

Last Modified

2024-11-21T06:16:32.037

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-862
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	erp_financial_accounting	100	Yes
Application	sap	erp_financial_accounting	101	Yes
Application	sap	erp_financial_accounting	102	Yes
Application	sap	erp_financial_accounting	103	Yes
Application	sap	erp_financial_accounting	104	Yes
Application	sap	erp_financial_accounting	105	Yes
Application	sap	erp_financial_accounting	602	Yes
Application	sap	erp_financial_accounting	603	Yes
Application	sap	erp_financial_accounting	604	Yes
Application	sap	erp_financial_accounting	605	Yes
Application	sap	erp_financial_accounting	606	Yes
Application	sap	erp_financial_accounting	616	Yes
Application	sap	erp_financial_accounting	618	Yes
Application	sap	erp_financial_accounting	700	Yes
Application	sap	erp_financial_accounting	720	Yes
Application	sap	erp_financial_accounting	730	Yes
Application	sap	erp_financial_accounting	s4core	Yes
Application	sap	erp_financial_accounting	sap_appl_-_600	Yes
Application	sap	erp_financial_accounting	sap_fin_-_617	Yes
Application	sap	erp_financial_accounting	sapscore_-_125	Yes

References

https://launchpad.support.sap.com/#/notes/3068582 Permissions Required ([email protected])
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3068582 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)